35692 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition CVE-2024-6387. Open SSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...
Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control
Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...
Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System
Summary There are vulnerabilities in PostgreSQL versions used by IBM Storage Scale System that could allow a remote authenticated attacker to obtain sensitive information or bypass security restrictions, a denial of service and a buffer overflow. IBM Storage Scale System has addressed the...
Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)
Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.
Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticate...
Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1
Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)
Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...
Security Bulletin: IBM MQ Appliance is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2024-20952 and CVE-2023-33850)
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped in IBM MQ Appliance. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-24795, CVE-2023-38709)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.
Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2013-2115, CVE-2013-4316, CVE-2014-0112, CVE-2014-0113, CVE-2015-5209, CVE-2016-3082, CVE-2016-4436, CVE-2017-12611, CVE-2019-0230, CVE-2019-0233, CVE-2020-17530, CVE-2021-31805,...
Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.
Summary IBM Rational Build Forge 8.0.0.26 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a...
Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429
Summary There is a vulnerability in Enterprise Security API for Java that could allow an remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...
Security Bulletin: IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities.
Summary IBM DevOps Release 7.0.0.1 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21733 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the leaking of unrelated request bodies in default error page. By sending a special...
Security Bulletin: Vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel can affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Spring, Tomcat, Jackson, sudo, and Linux kernel. Vulnerabilities include obtaining sensitive information, gaining elevated privileges, executing arbitrary commands, denial of service, and bypassing security restrictions, as...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-43642
Summary snappy-java is used by the IBM Datapower Operations Dashboard as a compressor/decompressor for Java Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafted...
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.4.1 Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing to clean the buffer used to store...
Security Bulletin: IBM Copy Services manager is affected by IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676
Summary IBM Copy Services Manager is affected by All applicable Java SE CVEs published by Oracle as part of their October 2023 Critical Patch Update plus CVE-2023-5676. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability
Summary IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...
Security Bulletin: App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.14 LTS and 11.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM UrbanCode Deploy (UCD) is susceptible to multiple Eclipse Jetty vulnerabilities (CVE-2023-36478, CVE-2023-44487)
Summary IBM UrbanCode Deploy UCD is susceptible to multiple Eclipse Jetty denial of service vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
Summary IBM Cloud Kubernetes Service is affected by security vulnerabilities in the Kubernetes API server that may allow a denial of service attack from unauthenticated clients CVE-2023-39325 and CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-39325 Description: A malicious HTTP/2 client...
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977)
Summary The following vulnerabilities in PHP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2019-6978 DESCRIPTION: The GD Graphics Library aka LibGD 2.2.5 has a double free in the gdImagePtr functions in gdgifout.c, gdjpeg.c, and gdwbmp.c...
Security Bulletin: IBM Flex System switch firmware products are affected by a vulnerability in OpenSSL (CVE-2019-1559)
Summary IBM Flex System switch firmware products have addressed the following OpenSSL vulnerability. Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after t...
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0732)
Summary IBM Flex System switch firmware products have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737)
Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server durin...
Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. ...
Security Bulletin: IBM i is vulnerable to a local privilege escalation due to flaws in Management Central (CVE-2023-40685, CVE-2023-40686).
Summary IBM i is vulnerable to a local privilege escalation due to flaws in a Management Central as described in the vulnerability details section. The vulnerabilities exist even when Management Central is not being used for systems management tasks. IBM i has addressed the vulnerabilities with...
Security Bulletin: Vulnerability in SANNav software and FOS firmware used by IBM b-type SAN directors and switches.
Summary The SANnav Management Portal, Global View, and FOS firmware for IBM b-type products are vulnerable due to an OpenSSL issue. The vulnerability has been addressed and can be resolved by applying the SANnav and FOS code levels listed below. Vulnerability Details CVEID: CVE-2022-2068...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass
Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...
Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866
Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...
Security Bulletin: OpenSource Apache Taglibs Vulnerability affects IBM Jazz Reporting Service (CVE-2015-0254)
Summary Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection XXE error when processing XML data. Vulnerability Details CVEID:CVE-2015-0254 DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to information disclosure due to Apache MINA SSHD (CVE-2023-35887)
Summary Apache MINA SSHD is shipped with IBM Tivoli Netcool Impact as part of the Command Line Manager service. Information about a security vulnerability affecting Apache MINA SSHD has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-35887 DESCRIPTION: Apache MINA SSHD...
Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...
Security Bulletin: Vulnerability in IBM Java affects DB2 Recovery Expert for Linux, Unix and Windows
Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of...
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities (CVE-2023-21939, CVE-2023-21967, CVE-2022-29117, XFID: 234366)
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF19 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.19.0 CVE-2023-21939, CVE-2023-21967. The following 3rd party components used...
Security Bulletin: Vulnerabilities found in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center(CVE-2019-10202, CVE-2019-10172)
Summary Multiple vulnerabilities have been identified in jackson-mapper-asl-1.9.13.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerabilit...
Security Bulletin: CVE-2022-40609 may affect Java Technology Edition used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2022-40609 vulnerability in Java Technology Edition could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw by sending specially-crafted data. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Editi...
Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)
Summary Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is...
Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]
Summary The following vulnerabilties in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. CVE-2022-33163 and CVE-2022-33168 Vulnerability Details CVEID:CVE-2022-33163 DESCRIPTION: IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critic...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...
Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)
Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance
Summary Multiple security vulnerabilities for open source components used in IBM Security Verify Governance, Identity Manager - Virtual Appliance component have been addressed. Vulnerability Details CVEID:CVE-2020-7729 DESCRIPTION: Node.js grunt module could allow a remote authenticated attacker ...
Security Bulletin: This Power System update is being released to address CVE-2023-25683
Summary The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC Vulnerability Details CVEID:CVE-2023-25683 DESCRIPTION: IBM PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the...
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-1280, CVE-2023-0386, CVE-2022-4269, CVE-2022-2873, CVE-2022-4378)
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include gaining elevated privileges, obtaining sensitive information, causing the system to crash, and denial of service attack, as described by the CVEs in the "Vulnerability Details"...
Security Bulletin: Pallets Flask is vulnerable to CVE-2023-30861 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Pallets Flask which is vulnerable to CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager - Includes Oracle January 2023 CPU (CVE-2023-21830, CVE-2023-21843)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2023. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5.1 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...